- Prosecutor vows `solemn commitment' to Dec. 2 shooting victims
- Decision to avoid long legal battle marks victory for company
The U.S. said it has gained access to the data on an iPhone used by a terrorist and no longer needs Apple Inc.’s assistance, marking an end to a legal clash that was poised to redraw boundaries between personal privacy and national security in the mobile Internet age.
The Justice Department said a week ago that it was approached by an unidentified third party about a possible method to get into the phone. The government said in a court filing Monday that it “has now successfully accessed the data stored” on the iPhone 5c used by Syed Rizwan Farook, who with his wife carried out a December attack in San Bernardino, California. No details were provided on how investigators got the data.
The Justice Department was fighting Apple in an unprecedented court showdown when it abruptly asked last week to cancel a hearing before a federal magistrate judge over her order directing the company to help investigators get into the phone.
The decision to drop a legal battle that could have gone all the way to the U.S. Supreme Court marks a win for Apple. The Cupertino, California-based company resisted being forced to write new software that would make it easier for the FBI to break into the shooter’s phone. Chief Executive Officer Tim Cook said such a move would pose a threat to the privacy of hundreds of millions of iPhone users around the world, arguing that a backdoor of that nature could be exploited by less reputable parties.
While Apple has emerged victorious from the court tussle, the government’s claim that the FBI was able to hack the phone with the help of a third party tarnishes the iPhone’s purported security prowess. Monday’s filing signals that government agencies can break into phones with encryption systems that were designed to make them impenetrable.
The FBI was able to unlock the iPhone over the weekend without compromising the data stored on it using the method provided by the third party, according to a U.S. law enforcement official.
Investigators are currently reviewing the information obtained from the phone, said the official who spoke to reporters on the condition of being anonymous. The official declined to provide any details, such as what was on the phone, the identity of the third party or how the method worked. The official also declined to say whether the U.S. will give Apple details about the hacking method.
“Our decision to conclude the litigation was based solely on the fact that, with the recent assistance of a third party, we are now able to unlock that iPhone without compromising any information on the phone,” Eileen Decker, the U.S. attorney in Los Angeles, said in a statement. “We sought an order compelling Apple to help unlock the phone to fulfill a solemn commitment to the victims of the San Bernardino shooting – that we will not rest until we have fully pursued every investigative lead related to the vicious attack.”
Apple said the court case never should have been brought.
“We will continue to help law enforcement with their investigations, as we have done all along, and we will continue to increase the security of our products as the threats and attacks on our data become more frequent and more sophisticated,” the company said in a statement. “Apple believes deeply that people in the United States and around the world deserve data protection, security and privacy. Sacrificing one for the other only puts people and countries at greater risk.”
The U.S. may have a harder time going back to court in future cases where it requires a company to cooperate with a similar investigation because, after first telling the judge only Apple could help unlock the phone, the government has come back a month later saying it doesn’t need Apple’s help after all, according to Victoria Schwartz, an associate law professor at Pepperdine University in Malibu, California.
“It looks like the government cried wolf," Schwartz said in a phone interview. “Next time, a court may take a more careful look at their request for a similar order.”
While the Justice Department repeatedly argued that a court ruling in the California case would only help it access the individual iPhone 5c affected, other technology companies from Facebook Inc. to Yahoo! Inc. rallied behind Apple’s claim that the matter could set a precedent which would allow other law enforcement agencies a backdoor into handsets.
In an effort to undermine Apple’s argument that the software could be abused by authoritarian regimes, Department of Justice lawyers had highlighted the thousands of times the company helped China access data last year. Nonetheless, Apple has disclosed that U.S. authorities targeted twice as many devices in similar instances.
Apple regularly finds vulnerabilities in its iOS mobile software that it remedies with each new update. Such an upgrade was rolled out last week, including the fixing of a flaw found by two researchers at security consultancy Inverse Path. The Trieste, Italy-based company told Bloomberg News it might theoretically be possible to use the vulnerability, which could be accessed via the USB drive, to modify a phone’s software and bypass security measures.
Several researchers had also outlined how so-called NAND mirroring might be used to break into the phone. In that method, the FBI could copy the hard drive contents onto a separate drive, then should incorrect password combinations prompt the security measures to wipe the drive, the agency could reinstall them and try again.
Federal Bureau of Investigation Director James Comey said last week that the government wasn’t using the latter method, and the agency has declined to outline exactly how it was working to break into the phone. Apple lawyers said before Monday’s announcement that they expect the FBI to explain any successful method it discovers.
The government has not yet said whether it will pursue a similar fight in Brooklyn, New York, where authorities are trying to crack Apple’s encryption on a drug dealer’s phone. Apple won a first round of the dispute in February, and the U.S. has asked that the ruling be reversed. The San Bernardino case involves a newer operating system -- iOS 9 -- as compared with the iOS 7 device in Brooklyn.
On Tuesday, the government agreed to go along with Apple’s request for more time to respond to a renewed U.S. application for an order compelling the company to help in unlocking the iPhone in Brooklyn.
Apple had sought an extension to April 15 to respond to the government’s request, saying it didn’t have enough information to determine the best way to proceed.
Legally, the question remains open whether the government can force a private
corporation to write code to help with an investigation, said Schwartz, the law professor
“This issue is not going to go away,” Schwartz said.
The case is In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203, 16-00010, U.S. District Court, Central District of California (Riverside).